I am committed to safeguarding the privacy of my customers and website visitors. In this policy I will explain how I will treat your personal information.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice I may provide on specific occasions when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data. This privacy notice supplements the other notices and is not intended to override them.
Joanna Bojarska is the controller and responsible for your personal data.
Business full details:
My trading name is Beauty by Joanna, or Beauty by Joanna Bojarska, or Joanna Bojarska – the beauty expert, which are trading style of Joanna Bojarska- Professional Beauty Services.
Joanna Bojarska – Professional Beauty Services is a sole-trader company, and its registered in England at Joanna Bojarska- Professional Beauty Services, 37 Jubilee Road, RG14 7NN, Newbury, West Berkshire.
You have the right to make complaint at any time to the Information Commissioner ‘s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)
I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.
- Visit my salon (salon locations are available to in Contact me section)
- Visit your chosen place with the mobile services option
- Make appointment by telephone or email
- Filling in Client’s Personal Data & Consent Form before the treatments
- Visit my website
- Booking the presentation, training with me
- Sending me PR packages.
Changes to the privacy notice and your duty to inform us of changes
This version was last updated on 1 March 2020.
I reserve the right to amend this Privacy Notice at any time. Any changes I may make to our notice in the future will be posted on this page and, where appropriate, notified to you by email or SMS.
It is important that the personal data I hold about you is accurate and current. Please keep me informed if your personal data changes during your relationship with me.
This website does include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and are not responsible for their privacy statements. When you leave my website, I encourage you to read the privacy notice of every website you visit.
The Legal Basis for me collecting your data
The law on data protection sets out a number of different reasons that a company can collect and process your personal data. These include:
In specific situations, I can collect and process your data with your consent. When collecting your personal data, I’ll always make clear to you which data is necessary in connection with a particular service.
- Contractual obligations
In certain circumstances, I need your personal data to comply with my contractual obligations, for example to give to a courier if I post you a product.
- Legal compliance
If the law requires us to, I may need to collect and process your data.
- Legitimate interest
In specific situations, I require your data to pursue my legitimate interests in a way which might reasonably be expected as part of running my business and which does not materially impact your rights, freedom or interests.
What types of information do I collect about you?
In order to provide you with a safe and individually tailored service I need to collect your potentially sensitive personal data. Typically this may include:
- Your contact details including title, full name, address, telephone, email
- Your gender, date-of-birth and employment
- Certain aspects of your medical history such as allergy information, lifestyle, diet, current treatments and the name of your doctor
- Your treatments and product purchase history
- “Marketing” data, including history of communications, whether you open email or click on links, and information about products or services I think you may be interested in, and analysing data to help target offers to you that I think are of interest or relevance to you. This may include technical information about your internet connection and browser.
- Reviews of my products and service that you may choose to complete.
- Your image may be recorded on Close Circuit TV (CCTV) when you visit the clinic. Generally this is not personally identifiable and is not stored for more than 7 days.
- Your photo may be saved to your confidential client record for the purposes of treatment recommendations and insurance.
- I do not “augment” data you have given me from any third party data provider. I do not persistently save your payment card details in any of my systems. My promise is to ensure I only collect the absolute minimum needed to provide you with the very best service.
Using your face or body image for the marketing Purposes
When you are filling in the Clients Consent Form you can simply circle NO in the photography/video usage section and therefore I won’t be allowed to use any of the photos or videos of your person taken, for marketing purposes
How long will I keep your information?
I’ll keep your information only for as long as you have a relationship with me. After it ends I will only keep it where I may need it for legitimate purposes. For example, to help me respond to queries or complaints or in line with legal and regulatory requirements or guidance.
How do I use the information we collect about you?
I promise that I will only use the information that you provide to us in a responsible way and only when you have given me explicit consent. These are ways I will use the data you provide:
- Assessing and providing the appropriate treatment plan for your personal circumstances
- To improve the operation of my business and the service I provide to you
- For direct marketing communications and related profiling to help me to offer you relevant products and service, including deciding whether or not to offer you certain products and service
- To comply with legal and regulatory obligations, requirements and guidance
- I sometimes need to share your personal data with trusted third parties. Here’s the policy I apply to those organisations to keep your data safe and protect your privacy:
I provide only the information they need to perform their specific service.
They may only use your data for the exact purposes I specify in my contract with them. I work closely with them to ensure that your privacy is respected and protected at all times.
If I stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties I work with are:
- IT companies who support my website and other business systems.
- Business location I operate from – please see contact me section, where you can find my current operation locations
- Operational companies such as delivery couriers.
- Direct marketing companies who help me manage our electronic communications with you.
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
I do not share data with third party companies for their own use.
Is your personal information transferred outside the UK/EEA?
My business based in the UK. Some of my service providers may store your personal information on servers outside the European Economic Area (EEA). If they do then I will make sure that suitable safeguards are in place, for example by using approved contractual agreements.
Your rights regarding the personal information you provide
You have a number of legal rights relating to the information I hold on your behalf. These include:
- to see what information I hold and how I process it
- to ask me to update incorrect, out-of-date or incomplete details
- to object to or restrict processing of the data
- the right to have your personal information erased (the “right to be forgotten”)
- the right to move, copy or transfer your personal information (”data portability”)
When will you contact me?
To provide a timely and relevant service I will need to contact you. I will ask you for your preferred contact method but this may include text messages (SMS), Email, telephone or post.
The following are the principal reasons for me contacting you:
- to administer/manage appointments for treatment or consultation
- in relation to any correspondence I receive from you or any comment or complaint you make about my service
- to update you on any material changes of my policies and practices
- for reasonable marketing purposes but only if you have given me consent and this will be restricted to your preferred contact method(s).
Children (clients under the age of 18)
From time-to-time I am asked to provide treatments for children. I will ask the parent or guardian to provide an explicit consent to any proposed treatment.